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DETAILED ACTION 

1 . In view of the Appeal Brief filed on October 1 1 , 2005, PROSECUTION IS 
HEREBY REOPENED. A new ground of rejection set forth below. 

To avoid abandonment of the application, appellant must exercise one of the 
following two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply 
under 37 CFR 1 . 1 1 3 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .31 followed 
by an appeal brief under 37 CFR 41 .37. The previously paid notice of appeal fee and 
appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth 
in 37 CFR 41.20 have been increased since they were previously paid, then appellant 
must pay the difference between the increased fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by 
signing below: Claims 1-26 are pending. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-17, 19-24 and 26 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Schneier et al. (U.S. Patent No. 5,978,475). 
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In respect to claims 1,10 and 1 9, Schneier discloses a system and method 
comprising: 

a target; a probe operable to execute in the target and collect a predetermined 
set of data associated with the target; and a monitor operable to receive the collected 
predetermined set of data to compare with expected data values to determine whether 
the target has been altered (e.g. col. 6, line 41 -col. 7, line 19, target, untrusted 
computer, monitor-trusted computer, a probe-audit log, "transmit it to the trusted 
computer for verification", "verification-the set of operations done on the logfile to 
guarantee that it hasn't been altered...", col. 7, lines 14-19). 

In respect to claims 2, 1 1 and 20, Schneier further discloses wherein the probe is 
resident in the target (e.g. col. 7, lines 5-13). 

In respect to claims 3, 12 and 21, Schneier further discloses wherein the monitor 
is operable to send the probe to the target for execution (e.g. col. 7, lines 5-6). 

In respect to claims 4, 1 3 and 22, Schneier further discloses wherein the probe 
repeatedly executes and the predetermined set of data varies for each execution of the 
probe (e.g. col. 7, lines 7-8). 
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In respect to claim 5, Schneier further discloses wherein the predetermined set of 
data includes system attributes and system usage data (e.g. col. 1, lines 34-52 and col. 
6, lines 51-64). 

In respect to claims 6 and 15, Schneier further discloses wherein the probe is 
operable to calculate a signature value of at least a portion of an execution image of the 
probe (e.g. col. 8, line 45-col. 9, line 2). 

In respect to claims 7 and 16, Schneier further discloses wherein the monitor is 
operable to compare the calculated signature value to an expected signature value (e.g. 
col. 8, line 45-col. 9, line 2). 

In respect to claims 8, Schneier further discloses wherein the probe is operable 
to determine a signature value of a random subset of an execution image of the probe 
(e.g. col. 18, lines 23-28). 

In respect to claims 9 and 17, Schneier further discloses wherein the probe is 
operable to generate an encryption key from the signature value for encrypting the 
collected predetermined set of data (e.g. col. 8, line 45-col. 9, line 2). 

In respect to claims 19 and 26, Schneier further discloses receiving collected 
data encrypted by the probe using an encryption key derived from a self-hash value, the 
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data including system attribute data and system usage data; from a self-hash value, the 
data including system attribute data and system usage data; decrypting the encrypted 
data; and verifying the system attribute data (e.g. Col. 1, lines 34-52, col. 5, lines 5-20, 
col. 6, line 51 -col. 7, line 19 and col. 8, line 45-col. 9, line 3). 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. - 

Claims 1, 10 and 19 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Hill et al. (U.S. Patent No. 6,088,804). 

In respect to claims 1, 10 and 19, Hill discloses a system and method 
comprising: 

a target; a probe operable to execute in the target and collect a predetermined 
set of data associated with the target; and a monitor operable to receive the collected 
predetermined set of data to compare with expected data values to determine whether 
the target has been altered (e.g. col. 3, lines 1-16, col. 4, lines 30-41, security agent- 
probe, security event-set of data items associated with the target, col. 5, lines 46-52, 
col. 4-22, node-target, agents send info, for collection and comparison). 
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Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C, 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 18 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Schneier et al. (U.S. Patent No. 5,978,475). 

In respect to claims 1 8 and 25, Schneier further discloses sending the encrypted 
data to a monitor, the data including system attribute data and system usage data; 
Decrypting the encrypted data using a decryption key; Verifying the system attribute 
data; and (e.g. Col. 1, lines 34-52 and col. 6, line 51 -col. 7, line 19, col. 8, line 45-col. 9, 
line 3). Schneier does not disclose generating billing data based on the system usage 
data in response to the system attribute data being verified. However, Office Notice is 
taken that generating billing according to system usage is old and well known. It would 
have been obvious to one of ordinary skill in the art at the time the invention was made 
to implement security audit logging and verifying operation taught by Schneier to 
generate billing according to the information for billing purposes. 

Conclusion 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tongoc Tran whose telephone number is (571) 272- 
3843. The examiner can normally be reached on 8:30-5:00. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jacques Louis-Jacques can be reached on (571) 272-3962. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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